SSL / HTTPS

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Going to be migrating to Exchange 2016 (from EX2010) and need some advice on External URLs and SSL Certs. On my Exchange 2010 I was using the host name of both my Internal & External URLs for Virtual Directories (ActiveSync, OWA, AOB, etc.). I was told that it is recommended to not use the host name on these external URLs. I should use e.g. mail.mydomain.com (use just a general mail name instead of my host name). So should I just use this on my External URLs or both Internal and External?

When creating my new SSL Cert for EX2016 would I still need to put my host name on this Cert? My current SSL Cert (EX2010) has the following: hostname.mydomain.com; autodiscover.mydomain.com; legacy.mydomain.com; mydomain.com.

I use the code below to determine whether SSL exists or not. For some reason, it is always "off" and we use CloudFlare free SSL. I just hope to know whether there is any difference.
This is our first time using CloudFlare.

I use Cloudflare free SSL for my website, and the steps were successful. I can see valid SSL on my website in the browser.
My next task is to ensure all images, a href links, etc. use https. So I use the following code, and it always returns "off",
meaning the SSL is not there. So now I do not know what's wrong. In addition, Cloudflare free SSL does not need to be installed on my IIS server. I just want to ensure I am correct.

Hi ,
Advance thanks!
Am using .NET Framework 4.6.1 and a class library project using C#. This project doesn't have a config, startup.cs or global.ascx where I enforce strict transport security (HSTS) on endpoints.
How do I add the header to configure Strict Transport Security (HSTS)? I think I should do something like below in the application but am not sure how to do that. Please help....
Response.AddHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");

Hi,
Am using .NET Framework 4.6.1 and a class library project using C#. Need to enforce HTTP Strict Transport Security (HSTS) on all public-facing HTTP endpoints. I did the configuration settings but it doesn't help me. Please help me with how to enforce HSTS on the project and how to verify the site has HSTS settings.
I have attached the Properties window of the project, web.config and startup.cs. Please help...

Is certificate compromised if someone downloads the p7b file of the certificate? For example if they login to your godaddy or digicert and get the p7b file downloaded, does that jeopardize all the websites that the SSL certificate within was installed on?

Hello Friends, I need your help. We have our main website www.pleugerindustries.com, and this website already has an SSL certificate installed. We have also registered other domains like pleuger.com, pleuger.us, pleuger.info and pleuger.org. All these domains are just registered; nothing is there, and there is no SSL certificate either. When I redirected these websites to our main website www.pleugerindustries.com it redirected successfully, but it needs an SSL certificate, although the main website already has an SSL certificate installed. Do I need SSL for all the other domains? If I leave it like this, will it be insecure for my main website? Kindly throw some light on it. Many thanks in advance.

We are having an issue with an app that allows users to work on their timesheet in the accounting software remotely from their phones.

It used to work fine until there were OS updates to the phones.

I was told by the accounting program's support that I had to do the following for the phone app to work.

Customer will need to do the following for the SSL certificate on their server:
Disable SSL2, SSL3, TLS1
Enable TLS 1.1 and 1.2:

What I do not understand is where to make these changes. I tried using a program called Crypto which allows you to enable and disable protocols on the server from a GUI but when I made the suggested changes we could not login to the accounting software from our desktops, and the app still did not work.

My question: Is there a difference with disabling the listed protocols in Server 2012 vs. doing it in the SSL certificate that is installed for the app?

If so, where do I go to make the protocol changes in the SSL certificate?

The server running the accounting program and the SSL certificate is a 2012 R2 server.

Experts,
We are planning to implement SSL on our SharePoint 2013 environment. Since I don't have deep knowledge about it, I would like to have your help to identify the advantages, disadvantages and challenges of SSL Bridging, SSL Offloading and SSL Passthrough.

I got rate limited by Let's Encrypt and I had to change a domain from olddomain.ca to newdomain.com.

I now have everything working on newdomain.com and I'm trying to redirect traffic from newdomain.ca to newdomain.com, so on Cloudflare I created a page rule to redirect all traffic to olddomain.ca to newdomain.com, but when users go to olddomain.ca they get a certificate warning for privacy error.

I have this redirect set up on the DNS; how is it even showing this error if I want to bypass it completely and just redirect to the new site?

I get this error in my browser:

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: newdomain.com

Issuer: Let's Encrypt Authority X3

EDIT -- so I guess the issue is that the certificate handshake happens BEFORE the redirect. Sh*t, how can I get rid of this message if I got rate limited by LetsEncrypt??? Should I purchase a valid SSL and apply it to this domain?

Apache rewrite rules to redirect http(s) olddomain.com to newdomain.com
I made a custom VirtualHost .conf file for Apache for my old domain to redirect every request to HTTPS on the new domain, but it isn't working...?
I get either the old host or an invalid URL... both Firefox and Chrome show errors like this: The owner of OldDomain.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. The certificate is only valid for NewDomain.com.

After adding a new domain user, I logged into the computer she'd be using to setup the profile. After configuring the profile the same way I've done countless times, I opened both IE and Chrome to setup the home page in each.

Going to any https website yielded "Your connection is not private" in Chrome, and "There is a problem with this website’s security certificate." in IE.

Googling the issue showed that many others have experienced these errors as well...but with no resolution that I found.

I tried or checked the following:
The date and time were correct
Reset IE's settings to default
Uninstalled ESET End Point Antivirus
Deleted browser cache and cookies
Windows updates were current
Multiple malware scans
Tried Chrome's incognito window
Deleted the new profile plus others that were no longer used
The computer otherwise ran normally

A vendor offers a mobile app for tracking vehicles & this app links back to their server in Azure cloud.
We install this app on our corporate mobile devices. We have
a) iPhone 5 on IOS 10.x
b) certain iPad models on IOS 9.x
c) Android phones on Android 4.4

Q1:
Vendor told us they can't enforce TLS1.2 on their app as they have other customers (also in transport
related industry) with mobile devices still using Android 4.x, thus they'll have to still permit TLS1.0 & 1.1.
Is this enforcement of TLS version something that's done at the server end (in the cloud) or at the
mobile app side?

The vendor currently supports only 1 version of the mobile app, thus they can't customize this app
specifically for us just to enforce certain TLS version as advised by them.
Q2:
What's the highest version of TLS (1.2, 1.1 or 1.0) that IOS 9.x and Android 4.4 could support?

Q3:
Anyone know if mobile apps can be made to go for TLS 1.2 first, failing which, it'll fall back to
1.1 & if this fails, then 1.0 ? If it can be done, is this at server or client end?

Q4:
Suppose there's a load balancer (eg: F5 or A10) at the server end, does the cert installed at
the loadbalancer matters where TLS version support is concerned?


Experts,
We have a SharePoint 2013 farm. We are planning to implement SSL (http to https) on our web application. We have 4 front end servers and 6 application servers. We would like to know what the advantages and disadvantages are of implementing SSL on the back end servers or the load balancer. Also, we are planning to migrate our SharePoint 2013 to Office 365, so what is the common practice to implement (server or load balancer)?

I am currently trying to get LDAPS to work to enable me to link my AD to a 3rd party company. I am however having some issues with the certificate side of things.

The DC's FQDN is "mydc.internal.mycompany.com"
Our public domain is "mycompany.com"
I purchased the certificate with the CN = mydc.mycompany.com and created an internal DNS A record to point mydc.mycompany.com to the IP address of the DC. Therefore, if I ping both mydc.mycompany.com OR mydc.internal.thewinesociety.com BOTH resolve to the same location.

However, if I use LDP.exe to test the connection from my pc to the DC (using the server address mydc.mycompany.com), the LDAPS is failing to connect.

The instruction guide I followed said that I could use the public domain name in the certificate as long as I used a DNS A record to then resolve this. However, I have since read contradictory information to this, so I am not sure if the certificate is ever going to work doing this.

I have downloaded all available root certificates.
Now I have an sst file.
How to install this sst file via certutil in CMD ?
I have to install all certificates to the local computer account to the root certificates.

I need to add DoD Root CA 5 to all the machines in the domain. We're operating in a closed loop environment, so the InstallRoot tool is not an option. Looking for a way to download the certificate for offline deployment, then push to all clients.

I have a very strange problem with https sites.
In one department we have 10 persons. They connect all over the same firewall policy to the internet.
But two of them cannot connect to some sites like -> www.orf.at
Other https sites work.
On the policy I have disabled all UTM features, no webfilter is active.

The users get this error in each browser: DLG_FLAGS_INVALID_CA

Please can you help me out ?
So far this problem is just on WIN10 machines.
